Not every site is the same; that is why we have always been hesitant to take a blanket approach to WordPress Security. For example, several sites are behind some proxy. When a site is behind a proxy, it could appear that every visitor is coming from the same IP address. When malicious actors seem to have the same IP of your customers, it can make it tricky to lockout the correct IPs and prevent the attacker from bypass the lockout.
iThemes Security Check Pro Proxy Detection
iThemes Security version 7.6.0 now includes the Security Check Pro, which was previously only available in iThemes Security Pro. The Security Check Pro helps to identify the IPs that visit your site correctly. With the correct IP in hand, iThemes Security will be better suited to lockout any malicious attackers that have targeted your site.
New! Security Check Pro Enhancements
Our iThemes Security Pro users will also notice a couple of enhancements to the Security Check Pro after updating to version 6.3.0. You can customize the Proxy Detection settings in the iThemes Security Pro Global Settings. Or, if you don’t know or don’t care if your site is behind a Proxy, you can let iThemes Security check your server configurations and choose the best option to protect your site. The Security Check Pro will perform a daily scan to check for any server configuration adjustments. If any adjustments are found, iThemes Security will make automatically update the security settings if necessary.
However, for those who prefer to take a more hands-on approach to security, the Proxy Detection settings now give you several options that will help iThemes Security best protect your site.
- Security Check Scan – (Recommended) Security Check will connect to the iThemes.com servers to accurately identify your server configuration. Security Check will correctly identify remote IP addresses and ensure your site is using the recommended features.
- Automatic – (Not Recommended) iThemes Security will try to find the correct proxy header to use automatically.
- Manual – Manually select the header your proxy uses.
- Disabled – Do not use Proxy Detection if your website isn’t behind a proxy.
WordPress security shouldn’t be hard, and the Security Check Pro simplifies and increases the security for the free and Pro users of iThemes Security.
Minor Trusted Device Change for CCPA Compliance
The California Consumer Privacy Act went into effect at the beginning of the year. With that in mind, we wanted to make our Pro users aware of a change in the Trusted Devices feature.
The Trusted Devices feature has the option to use the MaxMind DB for Geolocation lookups. The MaxMind DB now requires you to create an account to use their API. So what does that mean for you? Starting in iThemes Security Pro version 6.3.3 you will be required to create an account with MaxMind. Checkout out our Help Center for instructions on how to create an account.
Each week, Michael puts together the WordPress Vulnerability Report to help keep your sites safe. As Product Manager at iThemes, he helps us continue to improve the iThemes product lineup. He’s a giant nerd & loves learning about all things tech, old & new. You can find Michael hanging out with his wife & daughter, reading or listening to music when not working.